Cross realm auth with MS Server 2003 and MIT kerb

BarBaar beurdy at priest.com
Fri Oct 22 10:28:03 EDT 2004


Hi all,

I took a little step backward today. First I tried to access a Debian
telnet service with a WinXP client, and a Windows 2003 server KDC.
This was no problem (the client is a member of the 2003 domain).

The next step was to authenticate on a MIT KDC with the WinXP client.
The WinXP client needs to authenticate on the KDC. This first failed
for the same reason as I described in the first post here (the KDC
does receive the request (AS and TGS) but the WinXP authentication
did fail).

Then I started to read again in O'Reilly's book, and saw that there is
more involved in getting a WinXP client to talk to a MIT KDC.

I needed to use ksetup:
ksetup /setdomain TEST2.NL
ksetup /addkdc TEST2.NL kdc.test2.nl 
ksetup /addkpasswd TEST2.NL
ksetup /setmachpassword winxp.test2.nl <password>

After that I was able to use Kerberos on the WinXP box (and thus use
MIT Kerberos).

I never took those steps before. Do I need to execute any of these
commands on the 2003 server to make cross-realm auth possible? I am a
little confused about this at the moment.

Thanks,

Bart

